Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] RE: rule overwriting old rule?

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] RE: rule overwriting old rule?


Chronological Thread 
  • From: "Michael R. Gettes" <>
  • To: Chris Hyzer <>
  • Cc: Jeffrey T Eaton <>, "" <>
  • Subject: Re: [grouper-users] RE: rule overwriting old rule?
  • Date: Tue, 1 Apr 2014 20:03:28 +0000
  • Accept-language: en-US

I’d like to ask a question to appreciate the rationale - cuz this doesn’t appear intuitively obvious to me.

Why the assign?  Why not just add?  I’m not appreciating the design/thought process behind assign then add.  Not that it’s all that big a deal cuz eventually a reasonable UI will hide all this stuff, but I’d just like to understand.

/mrg

On Apr 1, 2014, at 1:58 PM, Chris Hyzer <> wrote:

You are taking the same assignment, and changing the value of attributes.  "assign" is if you want to assign one attribute/rule, "add" will add more assignments (multi-assign)
 
You need a new attribute assignment for each rule.
 
FROM:
 
AttributeAssign attributeAssignRecent = recentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
 
TO:
 
AttributeAssign attributeAssignRecent = recentGroup.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
 
Note, when you edit these rules, you need to get the right one by looking at the attribute values.
 
Thanks,
Chris
 
-----Original Message-----
From: [] On Behalf Of Jeffrey T Eaton
Sent: Tuesday, April 01, 2014 1:47 PM
To:
Subject: [grouper-users] rule overwriting old rule?
 
 
I’m trying to set up a set of Grouper Rules on some groups, and am running into a problem where when I add a new rule, it overwrites one of the old rules.
 
Basically, what I have is one group, which is populated by a loader job automatically.  The group contains all subjects with a current Student affiliation.  I want to have a set of groups that reflect “current” students, and one that has “recent” students, so that we can have certain permissions granted to people who were recently students (so that when you lose your affiliation, you still have access to certain resources for a period of time).
 
If I try to add the following series of rules, using gsh, exiting gsh entirely after each rule, and verifying that I can see the rules in the lite UI "View or assign attributes” screen, the first two work fine.  When I add the third rule, it overwrites the second rule.    There are no other rules in the system when I start.
 
Is there some limitation on having two rules, owned by the same group, but with different actions?
 
We are using Grouper 2.1.4.  I did a quick check of the 2.1.5 release notes, and nothing about rules jumped out at me, but I can try to get my system upgraded if that will help.
 
-jeaton
 
The rules:
 
 
// Rule 1: on the "current" group…
grouperSession = GrouperSession.startRootSession();
currentGroup = GroupFinder.findByName(grouperSession, "Apps:Provisioning:auto:Active-Students-Current");
AttributeAssign attributeAssignCurrent = currentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
 
attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa");
attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem");
 
// Rule 1: Fires when a member is added to the corresponding loader-managed group
attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(), "Apps:Provisioning:auto:Active-Students");
attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipAdd.name());
 
// Rule 1: ... then the member is added to the current group
attributeAssignCurrent.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.addMemberToOwnerGroup.name());
 
 
// Rule 2: on the "recent" group…
grouperSession = GrouperSession.startRootSession();
recentGroup = GroupFinder.findByName(grouperSession, "Apps:Provisioning:auto:Active-Students-Recent");
AttributeAssign attributeAssignRecent = recentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
 
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa");
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem");
 
// Rule 2: Fires when a member is added to the "Current" group
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(), "Apps:Provisioning:auto:Active-Students-Current");
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipAdd.name());
 
// Rule 2: Then removed the member from the "recent" group (because if you are current, you are no longer recent)
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.removeMemberFromOwnerGroup.name());
 
 
// Now, for the opposite rules
// Rule 3: on the "recent" group…
grouperSession = GrouperSession.startRootSession();
recentGroup = GroupFinder.findByName(grouperSession, "Apps:Provisioning:auto:Active-Students-Recent");
AttributeAssign attributeAssignRecent = recentGroup.getAttributeDelegate().assignAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
 
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa");
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem");
 
// Rule 3: Fires when a member is removed from the corresponding loader-managed group
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(), "Apps:Provisioning:auto:Active-Students");
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipRemove.name());
 
// Then add member to the "recent" group
attributeAssignRecent.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.addMemberToOwnerGroup.name());




Archive powered by MHonArc 2.6.16.

Top of Page